ikev2: Skip peer addresses we can't send packets to when looking for valid paths
authorTobias Brunner <tobias@strongswan.org>
Mon, 28 Jul 2014 10:04:40 +0000 (12:04 +0200)
committerTobias Brunner <tobias@strongswan.org>
Fri, 12 Sep 2014 08:29:36 +0000 (10:29 +0200)
src/libcharon/sa/ike_sa.c

index e63e0fa..516b243 100644 (file)
@@ -1911,11 +1911,29 @@ static bool is_any_path_valid(private_ike_sa_t *this)
        bool valid = FALSE;
        enumerator_t *enumerator;
        host_t *src = NULL, *addr;
+       int family = AF_UNSPEC;
+
+       switch (charon->socket->supported_families(charon->socket))
+       {
+               case SOCKET_FAMILY_IPV4:
+                       family = AF_INET;
+                       break;
+               case SOCKET_FAMILY_IPV6:
+                       family = AF_INET6;
+                       break;
+               case SOCKET_FAMILY_BOTH:
+               case SOCKET_FAMILY_NONE:
+                       break;
+       }
 
        DBG1(DBG_IKE, "old path is not available anymore, try to find another");
        enumerator = create_peer_address_enumerator(this);
        while (enumerator->enumerate(enumerator, &addr))
        {
+               if (family != AF_UNSPEC && addr->get_family(addr) != family)
+               {
+                       continue;
+               }
                DBG1(DBG_IKE, "looking for a route to %H ...", addr);
                src = hydra->kernel_interface->get_source_addr(
                                                                                hydra->kernel_interface, addr, NULL);
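Review bot: In the new switch, `SOCKET_FAMILY_NONE` shares the `break` with `SOCKET_FAMILY_BOTH`, so `family` stays `AF_UNSPEC` and the filter in the loop is disabled in exactly the case where no address can be reached. If `supported_families()` can return `SOCKET_FAMILY_NONE` here (not visible from the hunk), the function would still do a route lookup for every peer address and could report a path as valid that no socket can use. Nothing has been allocated at that point, so `case SOCKET_FAMILY_NONE: return FALSE;` before the enumerator is created looks sufficient. Otherwise a comment such as `/* no usable socket: addresses are not filtered */` on that case would make the intent explicit. The body of is_any_path_valid() starts before and continues past this hunk, so the return path should be checked against the rest of the function.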